HEALTH INFORMATION PRIVACY NOTICE
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY WELLDOC/BLUESTAR, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Purpose of this Notice. WellDoc offers BlueStar, a prescription product that provides coaching, clinical support and related services for people with type 2 diabetes. BlueStar is available on-line through a portal on the WellDoc main website and through BlueStar medical application software. Through BlueStar, WellDoc maintains health information about you that includes name, address, your providers, your payors, and information about your condition and treatment (“Health Information”). Health Information may also include information on medical conditions; medications; clinical data from lab tests, exams, and vaccinations; health profile information such as height, weight, body mass index (BMI), and smoking status; and other health data used to manage your diabetes, including blood glucose readings and related data. Such Health Information may be obtained from you when you register as well as from your authorized healthcare service providers, payors and others.
2. The Use and Disclosure of Health Information for Treatment, Payment and Health Care Operations. We may use your Health Information and disclose it to other parties for certain purposes related to your medical treatment (“Treatment”), the payment for your medical treatment (“Payment”), and our health care operations (“Operations”).
Treatment means the health care we provide to you, such as real-time coaching and supporting the coordination of your care between your providers. For instance, we may also contact you to remind you about an appointment. Related to your treatment, BlueStar also analyzes the Health Information that you have given us, such as glucose readings, or that we have obtained from you with your permission from your provider to provide clinical support data to your physician. (The physician decides how to use that data for treatment recommendations.) BlueStar coaches may provide you with information regarding health-related benefits and services that may be of interest to you. This information may also be made available on the BlueStar site or through the application.
Payment means activities related to obtaining reimbursement for the services provided by BlueStar. We may support your providers, such as the pharmacy that prescribes BlueStar, in obtaining reimbursement from your health insurer. We may also work directly with your insurer, such as your employee benefits plan, to determine coverage. If you pay for BlueStar out-of-pocket, we will not submit any information to your health insurer upon your request.
Operations cover a range of activities that are necessary for our business such as quality review and improvement activities; training programs; legal and financial services; business planning and development; management activities related to privacy practices; customer services; internal grievances; and data aggregation. Your information may be used internally for these purposes.
The term “User” refers to you as a BlueStar user, regardless of the means by which you access BlueStar. As a User, you may be (1) a patient (“Patient User”) or (2) a non-patient healthcare service provider, payer (including an employer-sponsored payer), pharmacy, disease management organization, case manager or another individual who is involved in the management or care of the patient, including their employees and agents (“Non-Patient User”).
3. Authorizations. On some occasions we may request an Authorization for WellDoc to disclose your Health Information for other than Treatment, Payment or Operations purposes or as described in this Notice. For instance, we may seek an Authorization if you would like us to share information about you with a friend or relative. We may also require an Authorization when using or disclosing certain highly protected information, such as HIV/AIDS. You may revoke an Authorization at any time except to the extent that we have already used or disclosed your information in reliance on your Authorization. WellDoc may want to provide you with related or alternative treatment options for you, other products and services related to your condition, and other marketing information. We will tell you and seek your Authorization if any of this information is paid for by a third-party. We will not sell your information.
4. Use and Disclosure of Health Information Without Your Permission.In some situations, we are required or permitted to use or disclose your Health Information without obtaining your consent or authorization. Here is a list of some of these situations:
In a form that does not identify you. We may use or disclose information about you if it is in an anonymized statistical or summary form that does not identify you.
To our subcontractors. We may disclose your Health Information to our subcontractors, such as those that assist us with Payment and Operations. We have contracts with each of our subcontractors that require that they protect your information.
As required by law. State, federal and local laws permit or require certain uses and disclosures of Health Information such as to track events. We will only use or disclose your Health Information to the extent the law requires.
To the government for public health activities, health oversight activities and law enforcement. We may be asked or required by law to divulge Health Information to a public health authority such as to track product usage, or for health oversight activities such as government inspections. Police and other law enforcement may seek Health Information from us. We may release this information to law enforcement under limited circumstances, for example, when the request is accompanied by a subpoena.
For judicial and administrative proceedings. We may disclose Health Information as required by a court or administrative order, or in some instances pursuant to a subpoena, discovery request or other legal process.
For research purposes. We may be approached by researchers to provide Health Information for research purposes. On some occasions, we may only provide such information with special waivers and permissions from you.
To avert a serious threat to health and safety or for disaster relief efforts. We may use or disclose your Health Information to avert a serious and imminent threat to the health and safety of an individual.
5. Individual Rights. You have certain rights with respect to your Health Information. If we do not agree to a request by you with respect to your Health Information, please consult the Privacy Officer whose contact information is below.
Restrictions. You have the right to request in writing that we do not disclose certain information about you. We do not have to agree to any restriction that you request. To request a restriction, please contact the Privacy Officer whose contact information is at the end of this Notice.
Confidential Communications. You have the right to request in writing that we restrict the way in which we communicate information regarding your health and health care services, such as when our coaches may call you. We will use reasonable efforts to accommodate your request.
Access. You have the right to inspect and copy most of your Health Information maintained by us. Normally, we will provide you with access within 30 days of your request. We may charge a reasonable copying fee. In certain limited instances, we may deny you access.
Amendment. You have the right to request that we amend your written Health Information. For instance, you can request that we correct an incorrect delivery date in your records. We will generally amend your information within 60 days of your request, and will notify you when we have amended your information. We can deny your request in certain circumstances, such as when we believe that your information is accurate and complete.
Accounting. You have the right to request an accounting from us of certain disclosures made by us. We will generally provide you with your accounting within 60 days of your request.
Paper Notice. You may obtain a paper copy by contacting the Privacy Officer whose contact information is below.
6. Our Obligation to You; Breach. We will maintain your Health Information based on best industry practices and as required by law, and in compliance with this Notice. If your Health Information is breached (hacked, disclosed as a result of a transmission error) we will notify you as required by law.
7. Complaints. If you believe that any of your rights with respect to your Health Information have been violated by us, our employees or agents, please communicate with the WellDoc Privacy Officer at:
Chief Privacy Officer
If we are subject to the Health Insurance Portability and Accountability Act (“HIPAA”), you may also contact the Secretary of the U.S. Department of Health and Human Services. Under no circumstances will we take any retaliation against you for filing a complaint.
8. Amending this Notice. We reserve the right to revise this Notice and to make the revised Notice effective for all Health Information that we created or received prior to the effective date of the revised Notice. Copies of a revised Notice will be available at our offices, and questions may be addressed to the Privacy Officer whose contact information is above. This Notice will be promptly revised if there is a material change to a policy described herein.